IMPAQTR Aurora Insecure Direct Object Reference Vulnerability
Vulnerability
An Insecure Direct Object Reference (IDOR) vulnerability has been identified in IMPAQTR Aurora versions prior to 1.36. It allows unauthorized access to the user list, organization details, bookmarks, and notifications of any organization.
Impact
Exploitation of this vulnerability could lead to unauthorized access to sensitive organizational data, including user lists, organization details, bookmarks, and notifications.
Reproduction
To reproduce this vulnerability, log into the application and intercept the request to the dashboard API endpoint using a proxy tool like Burp Suite. Once the request is captured, send it to the repeater and modify the company ID in the URL to access details of other organizations. Alternatively, the same result can be achieved with a curl command that includes the authorization token and requests the API endpoint of a different company.
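The reproduction works because the server authenticates the token but never checks that the company ID in the URL belongs to the caller. The sketch below is an added example, not IMPAQTR's code: the data model, function names, tokens and records are all constructed. It shows that missing object-level check next to the handler that enforces it.

```python
"""Object-level authorization for a company-scoped API (constructed example)."""
from dataclasses import dataclass

# Constructed sample data: two organizations and their user lists.
COMPANY_USERS = {
    "org-a": ["alice@a.example", "adam@a.example"],
    "org-b": ["bob@b.example"],
}

@dataclass(frozen=True)
class Principal:
    user: str
    company_id: str  # organization bound to the session on the server side

# Constructed session store: bearer token -> authenticated principal.
SESSIONS = {
    "token-alice": Principal("alice@a.example", "org-a"),
    "token-bob": Principal("bob@b.example", "org-b"),
}

class Unauthorized(Exception):
    """No valid session for the presented token."""

class Forbidden(Exception):
    """Valid session, but the requested object is not the caller's."""

def authenticate(token):
    principal = SESSIONS.get(token)
    if principal is None:
        raise Unauthorized("invalid token")
    return principal

def get_users_vulnerable(token, company_id):
    """Authenticates the caller but trusts the company ID taken from the URL."""
    authenticate(token)
    return COMPANY_USERS[company_id]

def get_users_hardened(token, company_id):
    """Authorizes the requested company against the caller's own organization."""
    principal = authenticate(token)
    if company_id != principal.company_id:
        # Checked before any lookup, so foreign and nonexistent IDs
        # produce the same response and cannot be told apart.
        raise Forbidden("company not accessible")
    return COMPANY_USERS[company_id]
```

The same comparison has to guard every company-scoped route (organization details, bookmarks, notifications), which is why it is usually placed in shared middleware or in the data-access layer rather than in individual handlers.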
